Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
51
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
180
Getting Started in Bug Bounty
jr0ch17
0
160
Getting Blindly Lucky
jr0ch17
0
97
Qu'est-ce que le bug bounty?
jr0ch17
0
150
Finding 5 bugs in a single parameter
jr0ch17
0
110
Beyond the Borders of Scope
jr0ch17
1
92
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
マルチプレーンGPUネットワークを実現するシャッフルアーキテクチャの整理と考察
markunet
2
250
Scrumは歪む — 組織設計の原理原則
dashi
0
180
Zeal of the Convert: Taming Shai-Hulud with AI
ramimac
0
100
Dr. Werner Vogelsの14年のキーノートから紐解くエンジニアリング組織への処方箋@JAWS DAYS 2026
p0n
1
140
決済サービスを支えるElastic Cloud - Elastic Cloudの導入と推進、決済サービスのObservability
suzukij
2
640
チームのモメンタムに投資せよ! 不確実性と共存しながら勢いを生み出す3つの実践
kakehashi
PRO
1
110
Yahoo!ショッピングのレコメンデーション・システムにおけるML実践の一例
lycorptech_jp
PRO
1
210
親子 or ペアで Mashup for the Future! しゃべって楽しむ 初手AI駆動でものづくり体験
hiroramos4
PRO
0
130
[JAWSDAYS2026][D8]その起票、愛が足りてますか?AWSサポートを味方につける、技術的「ラブレター」の書き方
hirosys_
3
180
AI時代の「本当の」ハイブリッドクラウド — エージェントが実現した、あの頃の夢
ebibibi
0
120
JAWSDAYS2026 [C02] 楽しく学ぼう!AWSとは?AWSの歴史 入門
hiragahh
0
160
スクリプトの先へ!AIエージェントと組み合わせる モバイルE2Eテスト
error96num
0
180
Featured
See All Featured
Highjacked: Video Game Concept Design
rkendrick25
PRO
1
320
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.9k
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
64
53k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
Typedesign – Prime Four
hannesfritz
42
3k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.2k
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
110
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
190
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
470
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
aleyda
1
1.8k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
markunet
.jpg){kind=avatar}
dashi
ramimac
p0n
suzukij
kakehashi
lycorptech_jp
hiroramos4
hirosys_
ebibibi
hiragahh
error96num
rkendrick25
reverentgeek
nwiizo
morganepeng
hannesfritz
aleyda
techseoconnect
cassininazir
tanoku
garrettdimon
